User Seeking Help with TryHackMe "Protocol Drift" AI Security Challenge

A user is stuck on the "Protocol Drift" task in a TryHackMe challenge. They accessed a machine via machine-ip:5000, discovered APIs and a "pharma bot" that executes commands through the "file a note" feature. They found comments in app.js but lack pentesting experience to progress. Their attempt involves sending a prompt to the bot, suspecting it uses a different cookie, and trying to force it to write to their session's /api/callback endpoint.